0

so, this is probably a dumb question, but is it possible to execute the header function in a php file if I'm getting a response with AJAX?

In my case, I have a login form that gets error codes from the PHP script (custom error numbers hardcoded by me for testing) through AJAX (to avoid reloading the page) and alerts the associated message with JS, but if the username and password is correct, I want to create a PHP cookie and do a redirect. However I think AJAX only allows getting data, right?

This is my code:

JS

$.ajax({
    type: 'POST',
    url: 'validate.php',
    data: $this.serialize(),
    success: function(response) {
        var responseCode = parseInt(response);
        alert(codes[responseCode]);
    }
});

PHP

if(empty($user)){
    echo 901;
}else{
    if(hash_equals($user->hash, crypt($password, $user->hash))){
        setCookie(etc...); //this is
        header('admin.php'); //what is not executing because I'm using AJAX
    }else{
        echo 902;
    }
}

Please sorry if the question doesn't even make sense at all but I couldn't find a solution. Thanks in advance!

EDIT: I did not include the rest of the code to avoid complicating stuff, but if you need it for giving an anwser I'll add it right away! (:

Peter Zelak
  • 95
  • 1
  • 10

4 Answers4

0

You're right, you can't intermix like that. The php would simply execute right away, since it has no knowledge of the javascript and will be interpreted by the server at runtime, whereas the js will be interpreted by the browser.

One possible solution is to set a cookie with js and redirect with js as well. Or you could have the server that receives the login request set the cookie when the login request succeeds and have the js do the redirect after it gets a successful response from the server.

Rose Robertson
  • 1,236
  • 7
  • 14
  • So, redirect with JS when getting success code, and set the cookie on the php script right before echoing the response code? – Peter Zelak Oct 30 '16 at 05:39
  • Not quite. You basically can't do any conditional PHP the way I think you want to based on an ajax request. Once it's in javascript's hands, the php has all already run. (This is assuming all this code is in the same file) – Rose Robertson Oct 30 '16 at 05:42
  • So, I tried setting the cookie from the PHP script before sending the success response code and it worked because it created the cookie, and then I redirected from the JS! Thanks! And a last question, can I only store the username on the cookie and then display data based on the username (using the username to take out code from the database), or is it insecure? Can users access cookies so they create a false cookie with an username and they can access all the data from that user? – Peter Zelak Oct 30 '16 at 05:49
  • Yes users can absolutely create false cookies like that. I am not an expert on login security but there are some other questions on stack overflow about secure login cookies. Here's one - http://stackoverflow.com/questions/7591728/designing-a-secure-auto-login-cookie-system-in-php – Rose Robertson Oct 30 '16 at 05:52
0

You can't do like that because ajax request process in backed and return the particular response and if you want to store the cookies and redirect then you should do it in javascript side while you get the response success

$.ajax({
    type: 'POST',
    url: 'validate.php',
    data: $this.serialize(),
    success: function(response) {
        var responseCode = parseInt(response);
        alert(codes[responseCode]);

        window.location = "admin.php";
    }
});

if(empty($user)){
    setCookie(etc...); //this is
    echo 901;
}else{
    if(hash_equals($user->hash, crypt($password, $user->hash))){
        echo response// what every you want to store
    }else{
        echo 902;
    }
}
Jaydip Bhingradiya
  • 328
  • 1
  • 7
0

If the ajax response satisfies your condition for redirection, you can use below:

$.ajax({
    type: 'POST',
    url: 'validate.php',
    data: $this.serialize(),
    success: function(response) {
        var responseCode = parseInt(response);
        alert(codes[responseCode]);
        window.location="%LINK HERE%";
    }
});

It's kind of ironic that you use ajax to avoid loading the page, but you'll be redirecting in another page anyway.

Daniel Tamayo
  • 25
  • 8
0

test sending data in json format:

Javascript

$.ajax({
   type: 'POST',
   url: 'validate.php',
   data: $this.serialize(),
   success: function(response) {
      if(response.success){
         window.location="%LINK HERE%";
      }else{
         var responseCode = parseInt(response.code);
         alert(responseCode);
         ...
      }
   }
});

PHP

header("Content-type: application/json");

if(empty($user)){
    echo json_encode(['success' => false, 'code' => 901]);
}else{
    if(hash_equals($user->hash, crypt($password, $user->hash))){
       echo json_encode(['success' => true, 'data' => response]);
    }else{
       echo json_encode(['success' => false, 'code' => 902]);
    }
}
José Eduardo Rios
  • 31
  • 3